313 matches found
Users that send funds at a price lower than the current low bid have the funds locked
Lines of code. Vulnerability details: If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact: Ether becomes stuck until and unless the NFT i...
Improper Validation of Specified Quantity in Input in vim/vim
...
CVE-2022-2845
CVE-2022-2845 (vim): Vim before 9.0.0218 is affected by a buffer over-read in vim/vim due to improper validation of input quantity. This can lead to a crash or memory corruption when opening crafted files. The issue is fixed in 9.0.0218 and later; update Vim to an affected product version >= 9...
uint256 => uint120 silent overflow
Lines of code. Vulnerability details: When converting a number from uint256 to a smaller type, Solidity truncates it without raising errors. In our case, this operation is performed when saving numerator and denominator to the storage variable orderStatus[orderHash] code link...
Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
Cross-site Scripting (XSS)
pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the input of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the pimcore service...
CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
Input validation
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0596 Improper Validation of Specified Quantity in Input in microweber/microweber
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
PT-2022-13291 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.11. Description: The issue is related to improper validation of specified quantity in input, which can lead to business logic errors. This could allow an attacker to manipulate the total value and...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...
CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0...
PT-2022-13165 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: dolibarr/dolibarr versions prior to 16.0; dolibarr/dolibarr version 14.0.5 and earlier. Description: The issue is related to improper validation of specified quantity in input, which can lead to business logic errors. This can potentially be...
CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr...
CVE-2022-0174
CVE-2022-0174 concerns an improper validation of a specified quantity in input within the Dolibarr project (dolibarr/dolibarr). Public records identify a vulnerability in Dolibarr with a CVSS v3.1 base score of 4.3 (MEDIUM) and CVSS v2 base score of 4.0 (MEDIUM). The content available notes the a...
PT-2022-13010 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: dolibarr, affected versions not specified. Description: The issue concerns an improper validation of specified quantity in input, leading to business logic errors. This occurs because the application does not check the input of price numbers,...
_calculateMaltRequiredForExit makes wrong calculations
Handle: 0x0x0x. Vulnerability details. Proof of concept: calculateMaltRequiredForExit calculates the quantity of malts returned. uint256 maltQuantity = userMaltPurchased.mul(amount).div(userCommitment); uint256 fullReturn = maltQuantity.mul(currentPrice) / pegPrice; userMaltPurchased / userCommitment...
Business Logic Errors in simplcommerce/simplcommerce
Description: SimplCommerce allows negative product, allowing one to get products for free. The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can be bypassed by modifying the POST request. Proof of Concept 1: Add one $75 and $25 item in...